Messages

Well, Today it able to ping any machine and able to browse interne again. So strange.

One of my LAN - almalinux cannot ping gateway IP. Very strange, it can ping one of the android tv box only. Not others Window Lan as well. I try to disable the firewalld n look the ip route show and found nothing.

 It cannot browser internet anymore. I can browser intenet yesterday. This is proof. Something is broke. I have Wazuh agent install but don't know how to see all the data.

ip route show table all
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.100 metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100 metric 100
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 192.168.1.100 dev eth0 table local proto kernel scope host src 192.168.1.100
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.100
fe80::/64 dev eth0 proto kernel metric 1024 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::96b1:914d:f21d:1e01 dev eth0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium

nicholaswkc@localhost:~$ netstat -r | more
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         _gateway        0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0


nicholaswkc@localhost:~$ arp -a
? (192.168.1.102) at 5c:e9:31:82:02:a0 [ether] on eth0
? (192.168.1.101) at ec:f7:2c:17:a8:69 [ether] on eth0
? (192.168.1.104) at 98:90:96:9b:bf:08 [ether] on eth0
? (192.168.1.106) at <incomplete> on eth0
? (192.168.1.103) at 70:b5:e8:28:70:19 [ether] on eth0
_gateway (192.168.1.1) at 80:61:5f:08:2a:d8 [ether] on eth0

Poosible the hacker assign different vlan?

My claim is valid n not over panaroid about security. I cannot disclose the country I live in. 
I added RESET WAN interface every 10 min using cron job.

Dear all forumers,

I had set the firewall adaptive timeout using 80 and 200 state and firewall schedule in 22:00pm but these settings are lost after 1 day.

I suspect the firewall get hacke by my ISP using private IP PPPOE (CNGA Double NAT) because during my usage of Linux end point, My two folders windows are close simutaneously.  I had strengthen the kernel using tunnable values.

No SSH, No remote desktop/open ports.

Please help me to strengthen the security.

I do not install on VM.

Dear All, I had configure my Squid to use C-ICAP Server but it seems cannot listen to local address.

Anyone please help me. Thanks you very much.

Can the OPNSense affected also if hacker got access to LAN?

Internal Firewall rules with separate zones/interfaces for Wifi/Client/DMZ/Core/etc. Would advise using VLANs if you can, otherwise subneting with /24s is a good idea.

From what I've read, you might also want to turn on MAC-Address filters on your WAPs and/or OPNSense's DHCP, good luck!

I have MAC filtering enabled. NO SSH and open ports. How to create VLAN or subnetting?

Can the OPNSense affected also if hacker got access to LAN?

1. What was hacked seems to be your Windows 11 PC, not OpnSense. Why? Because it does not even make sense to install a .bat file there. Which hacker in his right mind would try to install a payload for a Windows PC on a FreeBSD box?

2. How do you know what the way of intrusion was? "Hacked through 2.4G wifi" can mean anything. I would argue that you surfed the wrong websites and the infection was via a browser exploit.

Nothing of this is inherently linked to OpnSense, so the thread title is misleading. Unless, of course, you expect OpnSense to protect your end devices from OSI layer 8 problems... ;-)

1. All my countries Linux based system cannot browse website unless using VPN.
2. WIFI hacking is quite easily once you master it. They force you to disconnect and connect then the get the plain authentication.

My solution to this disable WIFI completely in my house network.

Hacked through 2.4G(WPA2) wifi and leave .bat file and embedded bat script into word file. I had discontinued of Win10 due to security reason.

Even my portable HD had backdoor in it. I just install clean on everything and siable USB storage also.

All my country mobile data is exposed to hackerable.

Dear all forumers, I been hacked by hackers where they connect to my home 2.4G wifi and embedded backdoor like .bat file (for simple connect to host) or macro enabled file into my word/excel file. 
I know it may sound ridicilously but it's true.

How to get rid of this situation.Any solution to it?
I installed Avast antivurs or MalwareBytes?

Any software that monitor my connection tot he outside world (Wireshark or better)?

Anyone please help me. Thanks you very much.

Dear All, I had configure my Squid to use C-ICAP Server but it seems cannot listen to local address.

See schreeshot.

Interesting that you want opnsense forum questions.